← travelgaid.de
ENDE
gaid GmbH

Privacy Policy

For the use of the mobile app "gaïd" (iOS and Android)

gaid GmbH

For the use of the mobile app "gaïd“ (iOS and Android)

I. General Information on the Collection of Personal Data, Contact Details of the Controller

(1) SCOPE OF THIS POLICY

We provide you with the mobile app "gaïd“ for iOS and Android, which you can download from the Apple App Store or the Google Play Store. In the following, we inform you about the collection and processing of personal data when using our app. Personal data means any data that can be related to you personally, e.g. name, email address, location, usage behaviour.

(2) DATA CONTROLLER

The controller responsible for data processing pursuant to Art. 4(7) of the EU General Data Protection Regulation (hereinafter "GDPR") is:

Drakestraße 22

40545 Düsseldorf

Germany

Commercial register: Local Court (Amtsgericht) Düsseldorf, HRB 112399

Authorised managing directors: Lea Charlotte Cirener, Eva Katharina Raum

Email: hello@travelgaid.de

Contact for data protection enquiries: hello@travelgaid.de

II. Contacting Us

(1) DATA COLLECTED AND PURPOSE OF DATA PROCESSING

When you contact us by email (hello@travelgaid.de) or via a contact form, your email address and the data you provide (e.g. name, message) will be processed by us in order to respond to your enquiry.

(2) LEGAL BASIS

We process your personal data on the basis of Art. 6(1)(b) GDPR where your enquiry relates to the initiation or performance of a contract. Otherwise, we process your personal data on the basis of Art. 6(1)(f) GDPR to safeguard our legitimate interests in responding to your enquiry. Insofar as your personal data is processed on the basis of Art. 6(1)(f) GDPR, you may object to the processing pursuant to Art. 21 GDPR.

(3) RETENTION PERIOD

The personal data collected in this context will be stored for the duration of the processing of your enquiry. Beyond that, we will only store personal data to the extent that statutory retention obligations apply.

III. Collection of Personal Data When Using the App

(1) DATA COLLECTED DURING APP USE AND PURPOSE OF DATA PROCESSING

When using the app, we collect the technically necessary data described below in order to provide you with the functions of the app and to ensure its stability and security:

(2) LEGAL BASIS

The legal basis is Art. 6(1)(f) GDPR. Our legitimate interest lies in the technically stable and secure provision of the app. Insofar as your personal data is processed on the basis of Art. 6(1)(f) GDPR, you may object to the processing pursuant to Art. 21 GDPR.

(3) RETENTION PERIOD

The data collected during app use (logs) will be stored for 90 days and subsequently deleted automatically.

(4) DATA RECIPIENTS AND THIRD-COUNTRY TRANSFERS

The data collected during app use is stored on servers of Hetzner Online GmbH, Industriestraße 25, 91710 Gunzenhausen, Germany. We have concluded a data processing agreement with Hetzner pursuant to Art. 28 GDPR.

(5) MAPS AND LOCATION FEATURES

The map display in our app is provided via a self-hosted map service based on MapLibre Martin, operated on the servers of Hetzner Online GmbH. No data is transmitted to external map providers (e.g. Apple Maps, Mapbox, Google Maps).

For location-based features (e.g. "places nearby", linking to external map and routing services), your current location may be determined via the location services of your device. The processing of location data takes place exclusively on your device; no transmission of your location data to our servers occurs. Accordingly, no processing of personal location data by us within the meaning of the GDPR takes place. You may allow or revoke location access at any time in the settings of your app or operating system.

(6) "ADD OWN SPOTS" FEATURE

The "Add Own Spots" feature allows you to create private Collections within the app and add your own places (spots) to these Collections. You may also upload photos from your device's photo library. The spots, Collections and photos you add are stored on our servers for cross-device synchronisation and linked to your pseudonymous user ID (App User ID). Your Collections and spots are visible only to you; no disclosure to other users takes place.

The legal basis for the processing is your consent pursuant to Art. 6(1)(a) GDPR, which you grant implicitly by adding your own spots and content. You may revoke your consent at any time by deleting the relevant spots, photos or Collections within the app. The revocation shall not affect the lawfulness of the processing carried out on the basis of the consent prior to its revocation.

The data stored in connection with the "Add Own Spots" feature will be retained until you manually delete it, but no longer than until the deletion of your user account. Upon account deletion, all spots, Collections and uploaded photos created by you will be irrevocably deleted.

The data collected in connection with the "Add Own Spots" feature is stored on servers of Hetzner Online GmbH, Industriestraße 25, 91710 Gunzenhausen, Germany. We have concluded a data processing agreement with Hetzner pursuant to Art. 28 GDPR.

IV. Registration of a User Account

(1) DATA COLLECTED UPON REGISTRATION, PURPOSE OF DATA PROCESSING, LEGAL BASIS

Upon registration and in the course of the ongoing administration of your user account, we process the following personal data (mandatory information):

Email address

Password (stored in encrypted form)

Display name (username)

The processing of mandatory information is carried out for the purpose of establishing and performing the user agreement (Art. 6(1)(b) GDPR).

When creating a user account and via the account settings, we additionally process the following personal data:

First name

Last name

This information is voluntary and serves to personalise the user account.

In addition, you may voluntarily provide further information (e.g. profile picture, place of residence, travel interests). This information is not required for the registration and use of your account. The processing of voluntary information is based on your consent given by providing the data (Art. 6(1)(a) GDPR). You may revoke any consent given at any time by removing the voluntary information from the app. The revocation shall not affect the lawfulness of the processing carried out on the basis of the consent prior to its revocation.

(2) SINGLE SIGN-ON: SIGN IN WITH APPLE AND SIGN IN WITH GOOGLE

As an alternative to the standard registration process, you may register and log in via "Sign in with Apple" (Apple Distribution International Ltd.) or "Sign in with Google" (Google Ireland Limited). We do not use any other SSO services (e.g. Meta).

When using "Sign in with Apple" or "Sign in with Google", the respective provider transmits to us the data necessary for registration (typically name and email address). When using "Sign in with Apple", you may additionally use the "Hide My Email" feature, whereby only an Apple-generated relay address is transmitted to us.

The use of the SSO services is otherwise governed by the privacy policies of the respective provider.

(3) RETENTION PERIOD

The data will be stored by us until the deletion of your account. You may delete your user account at any time within the app via the "Delete Account" menu option. Deletion is also possible by sending an email to hello@travelgaid.de. Upon deletion, all data collected and stored in connection with your registration will be deleted, unless statutory retention obligations require otherwise.

(4) DATA RECIPIENTS AND THIRD-COUNTRY TRANSFERS

When using "Sign in with Apple", your authentication data is transmitted to Apple Distribution International Ltd., Hollyhill Industrial Estate, Cork, Ireland. When using "Sign in with Google", data is transmitted to Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Apple Distribution International Ltd. and Google Ireland Limited may forward data to their respective parent companies in the USA. For further information, please refer to the privacy policies of the respective providers.

V. Error Analysis and Push Notifications

To ensure the reliable operation of our app, we use the following services.

1. Error Analysis with Sentry (Self-Hosted)

(1) DATA COLLECTED AND PURPOSE OF DATA PROCESSING

To identify and resolve software errors and crashes, we use the Sentry service. Sentry is operated by us in a self-hosted instance ("Self-hosted Sentry") on servers of Hetzner Online GmbH, Industriestraße 25, 91710 Gunzenhausen, Germany. No data is transmitted to the Sentry provider (Functional Software Inc., USA).

In the event of an error or crash, the following data is transmitted to our Sentry instance:

Error message and stack trace of the faulty code

Device type, operating system and version, app version

Time of the error

Pseudonymous session ID

The collection of IP addresses is expressly disabled in our Sentry instance. The transmitted data does not, by design, contain any personal data. Should personal data nevertheless be included in exceptional cases, we collect such data solely for the purpose of error resolution.

(2) LEGAL BASIS

The legal basis for the data processing is Art. 6(1)(f) GDPR. Our legitimate interest lies in the error-free operation of our app.

(3) RETENTION PERIOD

Error data in our Sentry instance is stored for 90 days and subsequently deleted automatically.

(4) DATA RECIPIENTS AND THIRD-COUNTRY TRANSFERS

The Sentry instance is operated on servers of Hetzner Online GmbH, Industriestraße 25, 91710 Gunzenhausen, Germany. We have concluded a data processing agreement with Hetzner pursuant to Art. 28 GDPR. No transfer to third countries takes place.

2. Push Notifications (Apple APNS and Firebase Cloud Messaging)

(1) DATA COLLECTED AND PURPOSE OF DATA PROCESSING

For sending push notifications to your device, we use the platform-specific push services:

on iOS devices: Apple Push Notification Service (APNS), operated by Apple Distribution International Ltd., Hollyhill Industrial Estate, Hollyhill, Cork, Ireland;

on Android devices: Firebase Cloud Messaging (FCM), operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

In order to send you push notifications, we require a push token from your device. This token is generated by your operating system upon the first launch of the app and transmitted to our servers (hosted by Hetzner Online GmbH, Germany).

You may deactivate push notifications at any time in the system settings of your device.

(2) LEGAL BASIS

The legal basis is Art. 6(1)(a) GDPR (your consent given by actively agreeing to receive push notifications in the system dialogue). You may revoke your consent at any time by deactivating notifications. The revocation shall not affect the lawfulness of the processing carried out prior to the revocation.

(3) RETENTION PERIOD

We store your push token for as long as push notifications are activated on your device and your user account exists.

(4) DATA RECIPIENTS AND THIRD-COUNTRY TRANSFERS

Apple Push Notification Service (APNS): The contractual partner for data processing in the EU is Apple Distribution International Ltd. (Ireland).

Firebase Cloud Messaging (FCM): The contractual partner for data processing in the EU is Google Ireland Limited (Ireland). Data may be further processed by Google LLC, USA. Google is certified under the EU-US Data Privacy Framework. The European Commission determined by decision of 10 July 2023 that an adequate level of protection is ensured in the USA for transfers to DPF-certified companies. The data processing terms of Firebase can be found at: https://firebase.google.com/terms/data-processing-terms

VI. Newsletter (Beehiiv)

(1) SUBSCRIPTION

On our website, via external landing pages (e.g. Linktree) and within our app, you have the option to subscribe to our newsletter. For the subscription, we use the so-called double opt-in procedure. This means that after you sign up, we will send you an email to the email address you provided, asking you to confirm your subscription. This confirmation is necessary to prevent anyone from signing up with someone else's email address.

(2) DATA COLLECTED AND PURPOSE OF DATA PROCESSING

For the newsletter subscription, we process the following data:

(3) LEGAL BASIS AND REVOCATION

The legal basis is your consent pursuant to Art. 6(1)(a) GDPR in conjunction with Section 7(2) No. 3 of the German Unfair Competition Act (UWG).

You may revoke your consent to receive the newsletter at any time. You may declare the revocation by clicking the "Unsubscribe" link provided in each email or by sending an email to hello@travelgaid.de. The revocation shall not affect the lawfulness of the processing carried out on the basis of the consent prior to its revocation.

(4) RETENTION PERIOD

The data collected about you will be stored for as long as a newsletter subscription exists.

(5) DATA RECIPIENTS AND THIRD-COUNTRY TRANSFERS

For the dispatch of the newsletter, we use the service Beehiiv, operated by Beehiiv, Inc., 228 Park Ave S, PMB 72810, New York, NY 10003-1502, USA. The data you enter for the purpose of receiving the newsletter is stored on Beehiiv's servers in the USA. The data transfer to Beehiiv Inc. in the USA is based on Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR, which can be accessed here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?uri=CELEX%3A32021D0914&locale=en

We have concluded a data processing agreement (Data Processing Agreement) with Beehiiv pursuant to Art. 28 GDPR, in which we oblige Beehiiv to protect user data, not to disclose it to third parties and not to use it for its own purposes.

Further information can be found in Beehiiv's privacy policy at: https://www.beehiiv.com/privacy

VII. Subscriptions and In-App Purchases

(1) SUBSCRIPTION MODEL

Our app offers a subscription model ("gaïd Premium“). The subscription unlocks all curated content as well as premium features. The purchase of a subscription is made exclusively via the App Store (iOS) or Google Play Store (Android).

(2) APPLE / GOOGLE AS CONTRACTUAL PARTNER

When purchasing a subscription, you enter into the payment agreement directly with Apple (Apple Distribution International Ltd., Hollyhill Industrial Estate, Hollyhill, Cork, Ireland) or Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland). Apple and Google act as so-called "Deemed Suppliers": you conclude the subscription agreement with the respective store operator, not directly with us. Accordingly, the privacy policies of Apple (https://www.apple.com/legal/privacy/) and Google (https://policies.google.com/privacy) apply to the payment processing. gaid provides the premium content and features as the developer of the app on the basis of the user agreement between you and gaid.

We ourselves do not receive any payment data such as credit card numbers or bank details. We are merely informed by the respective app store that a subscription has been purchased and which subscription level is active.

The purchase of a subscription is voluntary. Without a subscription, the premium features of the app cannot be used; the free basic use of the app remains unaffected.

(3) DATA COLLECTED AND PURPOSE OF DATA PROCESSING

In order to manage the subscription status of our users, verify purchase receipts and control access to premium features, we process the following data, which is transmitted to us by Apple or Google via the respective app store interfaces:

(4) LEGAL BASIS

The legal basis is Art. 6(1)(b) GDPR (performance of the user agreement between you and gaid, in particular the provision of premium content and features).

(5) RETENTION PERIOD

We store the subscription status and associated data for as long as your account is active. Purchase receipts and billing-related data are stored beyond that for the duration of the statutory retention periods.

(6) DATA RECIPIENTS AND THIRD-COUNTRY TRANSFERS

For the management of subscriptions and the validation of purchase receipts, we use the service RevenueCat Inc., 66 Mint Street, Suite 300, San Francisco, CA 94103, USA ("RevenueCat“). RevenueCat assists us in managing the subscription status of our users across app stores, verifying purchase receipts and controlling access to premium features. RevenueCat is based in the USA. We have concluded a data processing agreement with RevenueCat pursuant to Art. 28 GDPR. The data transfer to RevenueCat Inc. in the USA is based on Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR, which can be accessed here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?uri=CELEX%3A32021D0914&locale=en.

Further information can be found in RevenueCat's privacy policy at: https://www.revenuecat.com/privacy

VIII. Online Presence on Instagram

(1) DATA COLLECTED AND PURPOSE OF DATA PROCESSING

We maintain an online presence on Instagram (@travel.gaid) in order to communicate with customers, prospective customers and users active on the platform and to inform them about our services.

In our app and on our website, we use only simple links to our social media profiles. When loading our app or website, no automatic connection to the respective networks is established. Only by independently selecting the network to be visited will you be redirected to the respective platform.

Please note that when using our Instagram page, the platform provider Meta (Meta Platforms Ireland Ltd.) processes personal data about you. Meta provides us with aggregated, anonymised statistics on the use of our page ("Page Insights"). These include, in particular, usage data such as page views and interactions as well as — where provided by Meta — demographic data. We ourselves do not have access to the underlying personal data. For the collection and transmission of your data to Meta in connection with Page Insights, Meta and we are jointly responsible (Art. 26 GDPR). The essential contents of the agreement on joint controllership concluded between us and Meta (the so-called "Page Insights Controller Addendum") can be viewed at https://www.facebook.com/legal/terms/page_controller_addendum. For further data processing, Meta alone is responsible as the platform provider. Information on data processing by Meta can be found at: https://privacycenter.instagram.com/policy

(2) LEGAL BASIS

The processing of personal data in connection with Page Insights is based on Art. 6(1)(f) GDPR. Our legitimate interest lies in the external presentation of our offering and communication with our target audience.

In connection with message enquiries via our Instagram page, we process your personal data on the basis of Art. 6(1)(b) GDPR where your enquiry relates to the initiation or performance of a contract. Otherwise, we process your personal data on the basis of Art. 6(1)(f) GDPR to safeguard our legitimate interests in responding to your enquiry. Insofar as your personal data is processed on the basis of Art. 6(1)(f) GDPR, you may object to the processing pursuant to Art. 21 GDPR.


(3) RETENTION PERIOD

In connection with message enquiries via our Instagram page, we store personal data for the duration of the processing of your enquiry. Beyond that, we will only store personal data to the extent that statutory retention obligations apply.

Regarding the retention period at Meta, we refer to Meta's privacy policy: https://privacycenter.instagram.com/policy.

(4) DATA RECIPIENTS AND THIRD-COUNTRY TRANSFERS

Responsible for data processing in connection with Instagram is Meta Platforms Ireland Ltd., Merrion Road, Dublin 4, Ireland. Meta may forward data to Meta Platforms Inc., USA. Meta Platforms Inc. is certified under the EU-US Data Privacy Framework (adequacy decision of the European Commission of 10 July 2023). For further information, please refer to Meta's privacy policy: https://privacycenter.instagram.com/policy.

IX. Your Rights as a Data Subject

Where we process personal data about you, you are a data subject within the meaning of the GDPR and, subject to the statutory requirements, you are entitled to the following rights:

(1) Right of Access (Art. 15 GDPR)

You have the right to obtain information at any time about your personal data that we process.

(2) Right to Rectification and Completion (Art. 16 GDPR)

If your personal data is inaccurate or incomplete, you have the right to rectification and completion.

(3) Right to Restriction of Processing (Art. 18 GDPR)

Where the statutory requirements are met, you may request the restriction of the processing of your personal data.

(4) Right to Erasure (Art. 17 GDPR)

You may request the erasure of your personal data at any time, provided that we are not legally obliged or entitled to continue processing. You may also delete your user account at any time within the app via "Delete Account".

(5) Right to Data Portability (Art. 20 GDPR)

Where processing is based on your consent and carried out by automated means, you have the right to receive the data you have provided in a structured, commonly used and machine-readable format.

(6) Right to Object (Art. 21 GDPR)

You have the right to object to processing where the data processing is carried out for the purposes of direct marketing or profiling. You may object to processing based on a balancing of interests by stating grounds relating to your particular situation.

(7) Right to Withdraw Consent

You have the right to withdraw your data protection consent at any time. The withdrawal shall not affect the lawfulness of the processing carried out on the basis of the consent prior to its withdrawal.

(8) Right to Lodge a Complaint with a Supervisory Authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement.

Competent supervisory authority for gaid GmbH:

State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia (Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen)

Kavalleriestraße 2-4, 40213 Düsseldorf

Phone: +49 211 38424-0

Email: poststelle@ldi.nrw.de

Website: https://www.ldi.nrw.de

No automated decision-making, including profiling, within the meaning of Art. 22 GDPR takes place.

X. Amendments to this Privacy Policy

Version of this privacy policy: May 2026

Due to the further development of our app and offerings or as a result of changes in statutory or regulatory requirements, it may become necessary to amend this privacy policy. The current version of the privacy policy can be accessed and printed at any time within the app under the menu item "Privacy Policy".